Fabric CA User’s Guide
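Getting started
Installation
go get -u github.com/hyperledger/fabric-ca/cmd/...
Start the CA server locally
fabric-ca-server start -b admin:adminpw
This creates fabric-ca-server-config.yaml, the file used to configure the server.
To start the server with Docker instead, create docker-compose.yml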
fabric-ca-server:
  image: hyperledger/fabric-ca:amd64-1.4.7
  container_name: fabric-ca-server
  ports:
    - "7054:7054"
  environment:
    - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
  volumes:
    - "./fabric-ca-server:/etc/hyperledger/fabric-ca-server"
  command: sh -c 'fabric-ca-server start -b admin:adminpw'
Run
docker-compose up -d
Configuring the fabric-ca-server-config.yaml file
cn: fabric-ca-server
names:
  - C: US
    ST: "North Carolina"
    L:
    O: Hyperledger
    OU: Fabric
hosts:
  - host1.example.com
  - localhost
ca:
  expiry: 131400h
  pathlength: 1
cn is the Common Name
O is the organization name
OU is the organizational unit
L is the location or city
ST is the state
C is the country
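At startup the server generates its certificate and key from these settings. To generate a new, customized key and certificate, delete the files specified by ca.certfile and ca.keyfile that were generated at startup.
The key algorithm used for the certificate can also be configured with the following parameters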
keyrequest:
  algo: ecdsa
  size: 256
Available key sizes
TLS must always be enabled in production
tls.enabled must be set to true
Set the maximum number of enrollments (-1 means no limit)
registry.maxenrollments
A database can also be configured for the CA server; the default is fabric-ca-server.db
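An added example, not part of the original guide or of the Fabric CA project: a small shell audit of fabric-ca-server-config.yaml for the settings mentioned above (tls.enabled, registry.maxenrollments) and for the admin:adminpw bootstrap password used in this page's start command. The function names and sample files are constructed for illustration, and the script assumes the stock file layout, with the bootstrap identity listed under registry.identities.

```shell
#!/bin/sh
# Added example (not project code): audit a fabric-ca-server-config.yaml.

# yaml_get FILE SECTION KEY: first value of KEY found under top-level SECTION.
# A deliberately small awk reader for the stock layout, not a full YAML parser.
yaml_get() {
  awk -v sec="$2" -v key="$3" '
    /^[^ #]/ { insec = ($0 ~ ("^" sec ":")) }   # a top-level key opens or closes the section
    insec && $1 == (key ":") { print $2; exit }
  ' "$1"
}

# audit_ca_config FILE: print one line per finding; exit status = number of findings.
audit_ca_config() {
  cfg=$1; findings=0
  [ "$(yaml_get "$cfg" tls enabled)" = "true" ] || {
    echo "FINDING: tls.enabled is not true"; findings=$((findings + 1)); }
  [ "$(yaml_get "$cfg" registry maxenrollments)" != "-1" ] || {
    echo "FINDING: registry.maxenrollments is -1 (no limit)"; findings=$((findings + 1)); }
  [ "$(yaml_get "$cfg" registry pass)" != "adminpw" ] || {
    echo "FINDING: bootstrap identity still uses the sample password"; findings=$((findings + 1)); }
  return "$findings"
}

# Constructed sample configs (trimmed to the relevant keys) so the script runs offline.
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
cat > "$WORK/weak.yaml" <<'EOF'
tls:
  # Enable TLS (default: false)
  enabled: false
registry:
  maxenrollments: -1
  identities:
    - name: admin
      pass: adminpw
EOF
cat > "$WORK/hardened.yaml" <<'EOF'
tls:
  enabled: true
  certfile: tls-cert.pem
registry:
  maxenrollments: 1
  identities:
    - name: admin
      pass: CONSTRUCTED-placeholder-secret
EOF

audit_ca_config "$WORK/weak.yaml" || echo "weak.yaml: $? finding(s)"
audit_ca_config "$WORK/hardened.yaml" && echo "hardened.yaml: no findings"
```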
Starting the CA client
In the client configuration file (fabric-ca-client-config.yaml), enter
csr:
  cn: <<enrollment ID>>
  key:
    algo: ecdsa
    size: 256
  names:
    - C: US
      ST: North Carolina
      L:
      O: Hyperledger Fabric
      OU: Fabric CA
  hosts:
    - <<hostname of the fabric-ca-client>>
  ca:
    pathlen:
    pathlenzero:
    expiry:
Set the directory where the client stores its files
export FABRIC_CA_CLIENT_HOME=$HOME/fabric-ca/clients/admin
Then run
fabric-ca-client enroll -u http://admin:adminpw@localhost:7054
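The enroll command stores the enrollment certificate (ECert), the corresponding private key, and the CA certificate chain PEM files in subdirectories of the Fabric CA client's msp directory. You will see messages indicating where the PEM files are stored.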